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Following Russia’s occupation of Ukraine’s Crimea region and invasion of eastern Ukraine in Analyst in Russian and 
2014, many observers have linked Russia to additional malicious acts abroad. U.S. and European European Affairs 
officials and analysts have accused Russia of, among other things, interfering in U.S. elections in 

2016; attempting a coup in Montenegro in 2016; conducting cyberattacks against the World Anti- 

Doping Agency and the Organization for the Prohibition of Chemical Weapons in 2016 and 

2018, respectively; attempting to assassinate Russian intelligence defector Sergei Skripal in the 

United Kingdom in 2018; and offering “bounties” to Taliban-linked fighters to attack U.S. personnel in Afghanistan. 
Implicated in all these activities is Russia’s military intelligence agency, the Main Directorate of the General Staff (GU), also 
known as the GRU. 


November 15, 2021 


The United States has indicted GRU officers and designated the GRU for sanctions in response to Russia’s invasion of 
Ukraine, cybercrimes, and election interference. The Department of Justice has indicted GRU officers for cyber-related 
offenses against the World Anti-Doping Agency and the Organization for the Prohibition of Chemical Weapons, NotPetya 
malware attacks in 2017, various cyberattacks against the 2018 Olympics, and interference in the 2016 U.S. elections. The 
GRU as an agency has been designated for sanctions under Executive Order 13694, as amended, and Section 224 of the 
Countering Russian Influence in Europe and Eurasia Act of 2017 (CRIEEA; P.L. 115-44/H.R. 3364 Countering America’s 
Adversaries Through Sanctions Act [CAATSA], Title II). 


The GRU is a large, expansive organization under the command of Russia’s Ministry of Defense and Defense Minister 
Sergei Shoigu. Headed since 2018 by Admiral Igor Kostyukov, the GRU plays an important role in Russia’s foreign and 
national security policies. As an arm of the military, the GRU is responsible for all levels of military intelligence, from 
tactical to strategic. The GRU commands Russia’s spetsnaz (special forces) brigades, which conduct battlefield 
reconnaissance, raiding, and sabotage missions, in addition to training and overseeing local proxies or mercenary units. 
Additionally, the GRU conducts traditional intelligence missions through the recruitment and collection of human, signals, 
and electronic assets. Beyond its traditional combat- and intelligence-related roles, the GRU conducts extensive cyber, 
disinformation, propaganda, and assassination operations. These operations are often aggressive and brazen, leading to 
publicity and the exposure of GRU culpability. 


Congress and the executive branch continue to consider responses and countermeasures to malicious Russian activities. 
Because the GRU continues to conduct cyberattacks, election interference, assassinations, and disinformation, understanding 
the agency’s structure and the position it occupies in Russian foreign and security policy can help identify what the GRU is 
capable of and why it conducts particular operations. Understanding the GRU also offers insight into Russia’s wider use of 
cyber, disinformation, and influence operations and can inform broader discussions of potential U.S. responses and 
countermeasures. 


This report addresses Russian military intelligence, including organizational structure and activities, and related U.S. policy. 
For further background on Russia, see CRS Report R46761, Russia: Foreign Policy and U.S. Relations, by Andrew S. 
Bowen and Cory Welt; CRS In Focus IF11718, Russian Cyber Units, by Andrew S. Bowen; CRS Report R46518, Russia: 
Domestic Politics and Economy, by Cory Welt and Rebecca M. Nelson; CRS In Focus IF11625, Russian Armed Forces: 
Military Doctrine and Strategy, by Andrew S. Bowen; CRS In Focus IF11589, Russian Armed Forces: Capabilities, by 
Andrew S. Bowen; and CRS Report R45415, U.S. Sanctions on Russia, coordinated by Cory Welt. 
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Introduction 


Russia’s military intelligence agency is a large, expansive, and powerful organization responsible 
for the collection of foreign intelligence and the operation of Russia’s military special forces 
(spetsnaz) units. Since 2010, its official title has been the Main Directorate (Glavnoye 
upravleniye) of the General Staff, formally referred to in abbreviated form as the GU, although 
commonly referred to as the GRU (Glavnoye razvedyvatel ’noye upravileniye, or Main Intelligence 
Directorate).! 


Due to its operations and responsibilities, the GRU is one of the most well-known of Russia’s 
intelligence agencies. It plays a large role in Russian foreign and security policy. By 
understanding the GRU and its operations, Members of Congress may gain greater insight into 
the conduct of Russian foreign and security policy, including the use of disinformation, 
propaganda, and cyber strategies. 


In recent years, reports have linked the GRU to some of Russia’s most aggressive and public 
intelligence operations. Reportedly, the GRU played a key role in Russia’s occupation of 
Ukraine’s Crimea region and invasion of eastern Ukraine, the attempted assassination of former 
Russian intelligence officer Sergei Skripal in the United Kingdom (UK), interference in the 2016 
U.S. presidential elections, disinformation and propaganda operations, and some of the world’s 
most damaging cyberattacks. The GRU operates both as an intelligence agency, collecting human, 
cyber, and signals intelligence, and as a military organization responsible for battlefield 
reconnaissance and the operation of Russia’s main spetsnaz forces.” 


Analysts note the GRU has a distinct organizational identity due to its dual status as an 
intelligence and military organization. Additionally, from its inception, the GRU has competed 
with other Russian security organs for resources and responsibilities. Other intelligence agencies 
have continually sought to take over the GRU’s missions and responsibilities, leading to intense 
competition and often a duplication of efforts. Analysts and researchers have noted that the 
GRU’s unique organizational culture and competition with other agencies may factor into its 
willingness to conduct aggressive and often reckless operations, as a way to justify the GRU’s 
utility to Russia’s political leadership. 


This report focuses on the GRU’s origins, missions, documented or reported operations, and 
related U.S. policy. It first addresses the GRU’s history and background to provide context for 
understanding its organizational mindset and traditional responsibilities. It then examines the 
GRU’s organizational structure; analyzes the GRU’s various missions, including intelligence 
collection, control of spetsnaz units, and cyber capabilities and operations; and addresses related 
U.S. policy and congressional action. The report concludes with a brief assessment of the GRU’s 
future outlook. 





' This report uses the abbreviation GRU. 


2 Spetsnaz in this report refers to the military spetsnaz brigades under GRU command. There are numerous other elite 
units in Russia often referred to as spetsnaz that are not under the control of the GRU. 


3 Mark Galeotti, “Putin’s Hydra: Inside Russia’s Intelligence Services,” European Council on Foreign Relations, May 
11, 2016, p. 2 
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Background and History 


Russian military intelligence traces its lineage to 1918 under Russian leader Leon Trotsky.‘ 
Similar to civilian intelligence agencies created by the Bolsheviks (Communists) during the 
Russian Civil War, Russian military intelligence initially focused on protecting the regime from 
“counterrevolutionaries” from abroad. First known as the Registration Department 
(Razvedupravlenie, or Razvedupr), Russia’s military intelligence soon became known as the 
Fourth Directorate of the Red Army. It gradually expanded its focus to collecting intelligence 
abroad and supporting Soviet foreign policy.’ Its activities included running human intelligence 
assets, conducting propaganda and disinformation operations, and conducting sabotage operations 
(also known as active operations). During the 1920s and 1930s, the Fourth Directorate developed 
a reputation for aggressive and often careless operations, which led to numerous diplomatic 
incidents. 


The Fourth Department also developed rivalries with other Soviet intelligence agencies, 
competing for missions, influence, and responsibilities.° For instance, Felix Dzerzhinsky, founder 
of the Cheka, a predecessor to the Committee for State Security (KGB), complained about “the 
irresponsible activities of the Razvedupr, dragging us into conflict with neighboring states.”” The 
Fourth Directorate’s close connection with the Comintern (Communist International), through 
which it conducted many activities and recruited agents, created friction with the Soviet Union’s 
People’s Commissariat for Foreign Affairs due to blowback from exposed operations and 
activities. 


Due to continued infighting and the need to streamline operations, the Main Intelligence 
Directorate of the General Staff (GRU) was created in 1942. During World War II, the GRU 
supervised sabotage, resistance, and guerrilla actions against the Nazis.’ After the war, the GRU 
was placed under the direct command of the General Staff and, alongside the KGB’s First 
Directorate, given responsibility for conducting both legal (under diplomatic cover) and 
illegal/nonofficial (without diplomatic cover) intelligence operations abroad, primarily focused on 
militarily relevant intelligence (such as acquiring Western technology and assessing strategic 
military capabilities).'° 


* Trotsky was a key leader of the Bolsheviks (the precursor to the Communist Party of the Soviet Union) and member 
of the Bolshevik (later Communist) Politburo. He also was the People’s Commissar of Military and Naval Affairs from 
1918 to 1925, and he was responsible for the creation of the Red Army. Raymond W. Leonard, “Studying the 
Kremlin’s Secret Soldiers: A Historiographical Essay on the GRU, 1918-1945,” Journal of Military History, vol. 56, 
no. 3 (1992), pp. 403-422; Jonathan Haslam, Near and Distant Neighbors: A New History of Soviet Intelligence (New 
York: Farrar, Straus and Giroux, 2015). 


5 Raymond W. Leonard, Secret Soldiers of the Revolution: Soviet Military Intelligence, 1918-1933 (Westport, CT: 
Greenwood Press, 1999). 


6 Leonard, Secret Soldiers, pp. 7, 17-19. 


7 The full name of the Cheka was the All-Russian Extraordinary Commission for Combating Counter-Revolution and 
Sabotage. Haslam, Near and Distant Neighbors, p. 29. 

8 The Comintern (Communist International) was a Soviet organization dedicated to advancing Communism globally 
through the coordination of national communist parties. Owen Matthews, An Impeccable Spy: Richard Sorge, Stalin’s 
Master Agent (London: Bloomsbury, 2019). 

? David M. Glantz, Soviet Military Intelligence in War (New York: Frank Cass, 1990). 


10 Raymond L. Garthoff, Soviet Leaders and Intelligence: Assessing the American Adversary During the Cold War 
(Washington D.C.: Georgetown University Press, 2015), pp. 13-15, 46. 
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In addition, the GRU was responsible for the creation of special forces units known as spetsnaz 
(voiska spetsialnogo naznacheniya). Growing out of the Soviet experience during the Russian 
Civil War, both the NK VD (a KGB precursor) and the GRU trained units in sabotage and 
guerrilla-style operations, also known as razvedchiki (literally, “scouts’’).!' This experience 
proved invaluable during World War II, when the Soviets used partisan formations extensively. In 
1950, these forces became the spetsnaz, created to fulfill long-range battlefield reconnaissance 
and sabotage operations, specifically targeting NATO command and control and nuclear weapons. 


Throughout the Cold War, the GRU spetsnaz gained extensive experience supporting, training, 
and supervising local allied forces in numerous conflicts. Spetsnaz units played key roles in the 
Soviet invasions of Hungary in 1956 and Czechoslovakia in 1968. They also gained significant 
experience and notoriety during the Soviet invasion of Afghanistan (1979-1989). Spetsnaz units 
conducted rapid-response, interdiction, and ambush operations and were involved in the 1979 
assassination of Afghanistan’s leader, Hafizullah Amin." 


After the dissolution of the Soviet Union in 1991, the GRU, like the Ministry of Defense and 
other intelligence services, struggled for financial and political support in Russia. As the KGB 
was carved up into various organizations, the GRU fought for relevance and to prevent its 
missions from being given to newly emerging security organizations.'* Despite massive personnel 
losses and budget cuts, the GRU retained its foreign intelligence presence and its independence 
under the General Staff." At the same time, GRU spetsnaz forces suffered heavily from budget 
cuts and the lack of a clearly defined need, since conflict with NATO became unlikely. Many 
officers saw better prospects in the Airborne Forces (VDV), which positioned itself as a more 
capable and elite rapid-response unit. Some former spetsnaz allegedly worked for organized 
crime.! In wars against Russia’s breakaway region of Chechnya in the 1990s and 2000s, the 
GRU and spetsnaz units participated in direct combat and managed local allied Chechen forces.!’ 


Organizational Structure 


Russian military intelligence headquarters is located in the Khoroshevsky District in Moscow.'® 
Currently, the GRU is headed by Admiral Igor Kostyukov.'? Under the command of the General 


11 Mark Galeotti, Spetsnaz: Russia’s Special Forces (Oxford: Osprey Publishing, 2015), pp. 8-11. 


12 Mark Galeotti, “Spetsnaz: Operational Intelligence, Political Warfare, and Battlefield Role,” Marshall Center 
Security Insights, no. 46 (February 2020). 


'3 Galeotti, Spetsnaz: Russia’s Special Forces, pp. 14-28. 


14 Amy Knight, Spies Without Cloaks: The KGB’s Successors (Princeton: Princeton University Press, 1996), pp. 119- 
120; Andrei Soldatov and Irina Borogan, The New Nobility: The Restoration of Russia’s Security State and the 
Enduring Legacy of the KGB (New York: Public Affairs, 2010), pp. 14, 21. 


'S Amy Knight, “This Russian Spy Agency Is in the Middle of Everything,” Daily Beast, August 10, 2018. 


'6 Graham Turbiville, “Organized Crime and the Russian Armed Forces,” Transnational Organized Crime vol. 1, no. 4 
(1995), pp. 57-104; Mark Galeotti, “The Criminalisation of Russian State Security,” Global Crime, vol. 7, no. 3-4 
(2006), p. 472; Mark Galeotti, The Vory: Russia’s Super Mafia (New Haven: Yale University Press, 2018), pp. 207- 
208. 

17 Galeotti, Spetsnaz: Russia’s Special Forces, pp. 31-35; Mark Kramer, “The Perils of Counterinsurgency: Russia’s 
War in Chechnya,” International Security, vol. 29, no. 3 (2004/05), pp. 14, 18; Olga Oliker, Russia’s Chechen Wars 
1994-2000: Lessons from Urban Combat (Santa Monica: RAND, 2001). 

'8 President of Russia, “President Vladimir Putin visited the new headquarters of the Russian Armed Forces General 
Staff Chief Intelligence Directorate (GRU),” press release, November 8, 2006, at http://en.kremlin.ru/events/president/ 
news/36598. 


19 TASS, “First Naval Officer Nominated to Head Russia’s GRU,” November 22, 2018; Tatiana Stanovaya, “New 
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Staff and Defense Minister Sergei Shoigu, the GRU maintains significant operational autonomy 
and can brief Russian President Vladimir Putin directly.” 








GRU Organizational Structure 


The GRU is divided into |5 directorates—4 regional and || mission-specific. Within the directorates are multiple 
sub-directorates or individual units. Individual GRU units are identified by their military postbox numbers. For 
example, the GRU’s cyber capabilities are located within the Sixth Directorate and include Unit 26165 and Unit 
74455. 


The GRU’s true structure is a closely guarded secret. The structure described below is based on publicly available 
reports and documents. 








Regional Directorates (4) Mission-Specific Directorates (11) 
(1) First Directorate: European Union (5) Fifth Directorate: Operational Intelligence 
(2) Second Directorate: North and South America, (6) Sixth Directorate: Electronic/Signals Intelligence 
United Kingdom, Australia, New Zealand (7) Seventh Directorate: NATO 


(3) Third Directorate: Asia 
(4) Fourth Directorate: Africa 


(8) Eighth Directorate: Spetsnaz 

(9) Ninth Directorate: Military Technology 

(10) Tenth Directorate: Military Economy 

(11) Eleventh Directorate: Strategic Doctrine 
(12) Twelfth Directorate: Information Operations 
(13) Space Intelligence Directorate 

(14) Operational and Technical Directorate 

(15) External Relations Department 





Sources: Congressional Research Service (CRS) interview with Mark Galeotti; Viktor Suvorov, Inside the 
Aquarium: The Making of a Top Soviet Spy (New York: MacMillan, 1985); Stanislav Lekarev, “Two Types of Russian 
Intelligence Are Unified,” Nezavisimaya Gazeta, August 31, 2001; Daniil Turovsky, “What Is the GRU? Who Gets 
Recruited to Be a Spy? Why Are They Exposed So Often?,” Meduza, November 6, 2018; Mark Urban, The Skripal 
Files: The Life and Near Death of a Russian Spy (New York: Henry Holt and Company, 2018); RFE/RL, “On the Trail 
of the 12 Indicted Russian Intelligence Officers,” July 19, 2020. 





Today, Russian military intelligence is responsible for the collection of foreign intelligence using 
a full range of methods and sources (human, cyber, satellite, and signals intelligence), intelligence 
analysis, and battlefield reconnaissance and sabotage missions through its spetsnaz units. This 
means the GRU oversees both strategic- and tactical-level intelligence collection.*! The GRU has 
increased its cyber capabilities in recent years (conducting election interference, offensive 
cyberattacks, and disinformation operations), in addition to its traditional electronic, signals, and 
radio intelligence capabilities.” 





Boss, Old Rules,” Riddle, November 28, 2018. 

20 Galeotti, “Putin’s Hydra,” p. 2. 

21 Andrew Roth, “How the GRU Spy Agency Targets the West, from Cyberspace to Salisbury,” Guardian, August 6, 
2018; Guy Faulconbridge, “What Is Russia’s GRU Military Intelligence Agency?” Reuters, October 5, 2018. 


22 The GRU always had a large signals intelligence collection mission, but its capabilities were increased when it 
acquired the radio-electronic intelligence capabilities of the now-defunct Federal Agency of Government 
Communications and Information (FAPSI) in 2003. Gordon Bennett, “FPS and FAPSI—RIP,” Conflict Studies 
Research Centre, Occasional Paper no. 96, p. 4. 
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Due to its dual role, the GRU has extensive capabilities and experience organizing proxy forces 
and local allies in numerous conflict zones, as well as in conducting assassinations and other 
targeted attacks. Despite overseeing both intelligence and spetsnaz operations, not all GRU 
officers have spetsnaz backgrounds or vice versa.” Analysts contend, however, that overseeing 
both types of operations has led to a risk-acceptant and risk-taking culture, thereby contributing to 
operations with a higher likelihood of exposure.“ 


Relationship to Other Russian Intelligence Agencies 


Russia’s intelligence agencies are divided organizationally and across factional and personal 
lines.” Agencies compete with each other for greater responsibilities, budgets, and political 
influence, often at the expense of other agencies.” This competitive environment often 
contributes to uncoordinated and duplicated intelligence efforts.’ 


The GRU operates alongside the Foreign Intelligence Service (SVR), Federal Security Service 
(FSB), and Federal Protective Service (FSO).”® The GRU and the SVR are Russia’s primary 
intelligence agencies responsible for the collection of foreign intelligence.” Domestically, the 
FSB is responsible for counterintelligence. The FSB, however, has sought to gain a greater 
foreign intelligence role and has significant international operations, especially in Russia’s 
neighboring post-Soviet states.” This reportedly has caused significant friction within Russia’s 
intelligence community, especially with the GRU and SVR, which consider foreign intelligence 
collection their primary responsibility.*! The FSO operates as an overseer of the various security 
services, helping to monitor infighting and the accuracy of intelligence reporting. Although the 
GRU can directly brief the president, it does not have the same level of direct access as the SVR 
(the primary agency responsible for foreign intelligence), the FSB (the primary agency 
responsible for domestic security), or the FSO, which controls the Presidential Security Service.” 
Analysts and reporting therefore suggest the GRU’s influence is often relative to the ability of its 
chief to develop personal relationships with Russia’s political leadership.» 





23 Mark Galeotti, “Special Troops of GRU Will Be Growing Headache for the West,” Raamoprusland, September 28, 
2018. 

24 Galeotti, “Putin’s Hydra,” p. 2. 

25 Brian D. Taylor, State Building in Putin’s Russia: Policing and Coercion After Communism (Cambridge: Cambridge 
University Press, 2011); Tatiana Stanovaya, “Why the Kremlin Can’t Keep Its Chekists in Check,” Riddle, July 25, 
2019. 


2 Peter Reddaway, Russia’s Domestic Security Wars: Putin’s Use of Divide and Rule Against His Hardline Allies 
(London: Palgrave Pivot, 2018); Joss I. Meakins, “Squabbling Siloviki: Factionalism Within Russia’s Security 
Services,” International Journal of Intelligence and Counterintelligence, vol. 31, no. 2 (2018), pp. 235-270. 


27 Mark Galeotti, “The Intelligence and Security Services and Strategic Decision-Making,” Marshall Center Security 
Insights, no. 30 (May 2019). 


28 For more on Russia’s internal security and law enforcement agencies, see CRS In Focus IF11647, Russian Law 
Enforcement and Internal Security Agencies, by Andrew S. Bowen; Mark Galeotti, “Russian Intelligence and Security 
Agencies Vie for Central Role,” Jane’s Intelligence Review, August 29, 2018. 


2 The Foreign Intelligence Service (SVR) inherited the Committee for State Security’s (KGB’s) foreign intelligence 
operations of its First Main Directorate. 


30 Mark Galeotti, “The Spies Who Love Putin,” Atlantic, January 17, 2017. 


3! Andrei Soldatov, “Russian Foreign Intelligence Might Be in for a More Prominent Political Role,” Raamoprusland, 
May 24, 2019. 


3? Mark Galeotti, “Spooks in the Kremlin,” Foreign Policy, April 27, 2019. 
33 Galeotti, “Spooks in the Kremlin.” 
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2008 Georgian War to Present Day 


In 2008, Russia fought a war with Georgia to prevent Georgia from asserting control over its 
breakaway region of South Ossetia.** While ultimately victorious, the Russian military performed 
poorly, struggling with command-and-control issues, lack of coordination across service 
branches, and a low level of accurate intelligence on Georgian military forces and capabilities.’ 
Low-quality intelligence led to the bombing of empty airfields and military installations, friendly 
fire incidents, and a misunderstanding of the capabilities and morale of Georgian forces. Analysts 
assessed that, although intelligence provided by the GRU was inadequate, the spetsnaz brigades 
performed adequately.’ Overall, Russia’s disappointment with its military performance led to a 
program to modernize and reform the armed forces.*” 


Much of the blame for Russia’s military performance was placed on the GRU for providing faulty 
intelligence.** In response, competing security and intelligence agencies, along with other 
branches of the military, sought to take advantage of the GRU’s weakened political position. Due 
to its large size and expansive mission areas, the GRU suffered from the lack of a clearly defined 
role in the wake of the Georgian war.” In 2009, the GRU head, who had served since 1997, was 
replaced by his deputy.*° Media reports alleged there was discussion of downgrading the GRU’s 
status from a Main Directorate to a Directorate.*! By 2011, the GRU was downsized by over 
1,000 officers, with many retiring or transferring to other positions; the size of the GRU’s foreign 
intelligence operations also was reduced.” Perhaps most significant were plans for the GRU to 
lose control of the spetsnaz brigades to Russia’s military district commanders in 2010.” 


The GRU’s fortunes began to change with the appointment of Igor Sergun as GRU head in 
2011. Sergun presided over a revitalization of the GRU’s prestige. In contrast to previous GRU 
heads, analysts reportedly viewed Sergun (who had a background as a defense attaché and an 
intelligence officer) as a politically astute leader able to lobby for the agency’s interests.“ The 
GRU and Sergun prioritized the agency’s abilities to conduct “active measures,” or aggressive 





34 Mikhail Barabanov, Anton Lavrov, and Vyacheslav Tseluiko, Tanks of August, ed. Ruslan Pukhov (Moscow: Center 
for Analysis of Strategies and Technologies, 2010). 


35Ariel Cohen and Robert E. Hamilton, The Russian Military and the Georgia War: Lessons and Implications (Carlisle, 
PA: Strategic Studies Institute, 2011); Michael Kofman, “Russian Performance in the Russo-Georgian War Revisited,” 
War On The Rocks, September 4, 2018. 


36 Cohen and Hamilton, Russian Military and the Georgia War; Kofman, “Russian Performance in the Russo-Georgian 
War Revisited.” 


37 For more see CRS In Focus IF11603, Russian Armed Forces: Military Modernization and Reforms, by Andrew S. 
Bowen 


38 Tor Bukkvoll, “Russia’s Military Performance in Georgia,” Military Review vol. 89, no. 6 (2009), pp. 57-62. 

39 Mark Galeotti, “Putin’s Secret Weapon,” Foreign Policy, July 7, 2014. 

40 Mark Galeotti, “Korabelnikov Leaves Russian Military Intelligence,” In Moscow’s Shadows, April 26, 2009. 

41 This would represent a serious demotion that would limit the GRU’s influence, autonomy, and political importance. 
It would have limited the GRU’s direct access to the president and increased the General Staff’s direct control. 

42 Brian Whitmore, “Resetting the Siloviki,” RFE/RL Power Vertical, October 21, 2011; Denis Telmanov, “GRU Chief 
to be Fired Upon Leaving Hospital,” /zvestia, September 27, 2011. 

8 Roger McDermott, “Bat or Mouse? The Strange Case of Reforming Spetsnaz,” Eurasia Daily Monitor, November 2, 
2010. 

“4 Denis Telmanov, “GRU Headed by Igor Sergun,” /zvestia, December 26, 2011. 

4 Roger McDermott, “Russian Military Intelligence: Shaken but Not Stirred,” Eurasia Daily Monitor, February 7, 
2012; Mark Galeotti, “We Don’t Know What to Call Russian Military Intelligence and That May Be a Problem,” War 
On The Rocks, January 19, 2016; Galeotti, “Putin’s Hydra,” p. 13. 
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operations such as assassinations, controlling proxy forces, political subversion, and eventually 
cyber operations.*°The Russian military also abandoned plans in 2013 to move spetsnaz to the 
control of the ground forces due to a combination of bureaucratic hurdles and resistance.“ 


The GRU demonstrated its importance during Russia’s 2014 occupation of Ukraine’s Crimea 
region and invasion of eastern Ukraine.** Russia’s Crimea operation relied heavily upon GRU 
intelligence and spetsnaz forces to seize strategic points across the peninsula. The GRU’s 
success continued in the Donetsk and Luhansk regions of eastern Ukraine by creating, 
supervising, and monitoring the numerous proxy and local rebel forces fighting against the 
Ukrainian government.” 


The GRU’s experience in managing proxy forces continued to prove useful as Russia intervened 
in Syria.°! Spetsnaz proved instrumental in training, advising, and coordinating air strikes with 
Syrian government and pro-government militia forces.’ The traditional spetsnaz mission of 
battlefield reconnaissance was particularly important for Russia’s air campaign, which helped the 
Syrian government retake crucial areas and urban centers.™ 


As the GRU was reasserting its role and missions, it began to invest in cyber capabilities." 
Development of these types of capabilities would allow the GRU to operate in an environment 
marked by confusion and low attribution.” Contested environments, such as in Ukraine and the 





46 Galeotti, “Putin’s Hydra,” p. 7. 


47 This also roughly coincided with the reversal of many of the initial military reforms and the removal of Anatoly 
Serdyukov, Minister of Defense, and General Nikolai Makarov, Chief of the General Staff, who initiated the wide- 
ranging reform program. Mark Galeotti, “The Rising Influence of Russian Special Forces,” Jane’s Intelligence Review, 
November 24, 2014; Alexander Golts, “Reform: The End of the First Phase — Will There Be a Second?” Journal of 
Slavic Military Studies, vol. 27, no. 1 (2014), pp. 131-146. 


48 Charles K. Bartles and Roger N. McDermott, “Russia’s Military Operation in Crimea: Road Testing Rapid Reaction 
Capabilities,” Problems of Post-Communism, vol. 61, no. 6 (2014), pp. 46-63; Galeotti, “Putin’s Secret Weapon”; 
Michael Kofman et al., Lessons From Russia’s Operations in Crimea and Eastern Ukraine, RAND, 2014. 
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cyber arena, have provided the GRU another way to justify and demonstrate its importance to the 
political leadership.*° 


In recent years, several GRU operations were uncovered (see “Attempted Hacking of the 
Organization for the Prohibition of Chemical Weapons,” below), exposing Russian complicity 
and complicating diplomatic relations.*’ Some analysts question whether these exposures are a 
result of GRU incompetence and amateurishness.** Other analysts suggest competing Russian 
security agencies may have undermined the GRU’s position for their own benefit.°? The GRU 
also suffered numerous leadership changes; then-GRU head Sergun died in late 2015 and was 
replaced by Igor Korobov, who himself died in 2018.8 


There is no outward indication the GRU has fallen into disfavor, despite these setbacks.°! At its 
100° anniversary celebration in 2018, shortly after the attempted assassination of former GRU 
intelligence officer Sergei Skripal in the UK, Putin thanked the agency and stated, “As supreme 
commander, I of course know with no exaggeration about your unique abilities including in 
conducting special operations.” Although it is unclear exactly how Russia’s political leadership 
views the GRU, the agency’s operations and publicly available information indicate the GRU 
remains a valued asset, especially for aggressive and risky operations. 


Intelligence Collection 


The GRU and the SVR share responsibility for the collection of foreign intelligence.® This 
includes the use of intelligence officers operating both under legal (diplomatic) cover out of 
Russia’s embassies and under illegal or nonofficial (without diplomatic) cover.“ GRU 
intelligence officers are trained at the Military Diplomatic Academy of the General Staff.® In 
each embassy, the GRU and the SVR operate individually, with separate command structures. 


The GRU nominally focuses on the collection of militarily relevant information, such as the size 
and capabilities of foreign militaries and decisionmaking, as well as technology acquisition. This 
focus does not preclude the collection of political intelligence, which is the primary focus of the 
SVR.” However, as analyst Mark Galeotti has opined, “Russian collection operations are not just 
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highly active but also extremely professional. Tasking, though, appears less impressive. While the 
Foreign Intelligence Service and GRU have a strong sense of the military and technical secrets 
they are meant to uncover, their political objectives are sometimes naive.” Analysts contend this 
tendency may reflect a poor understanding of democratic political systems. 


Arrests of GRU agents and assets in recent years illustrate the level of GRU activity. The 2019 
annual report of Estonia’s Foreign Intelligence Service stated that five GRU assets were 
uncovered from 2014 to 2018. In 2020, uncovered GRU assets included French and Austrian 
military officers, as well as a former U.S. Special Forces officer.”° In late December 2020, 
Bulgaria expelled a Russian military attaché over espionage, the sixth expulsion of Russian 
diplomats since October 2019.7! In March 2021, Bulgarian prosecutors arrested six people for 
running a Russian spy ring and passing classified information to Russian military intelligence.” 
In April 2021, Italian authorities caught two Russian military intelligence officers accepting 
classified information from an Italian navy officer.” 


Spetsnaz 


The GRU oversees Russia’s spetsnaz brigades.” Spetsnaz are an elite light infantry force 
designed to conduct battlefield reconnaissance, sabotage, and small unit direct action missions. 
They are organized into seven regular Independent Special Designation Brigades, a naval 
spetsnaz unit for each of Russia’s fleets, a brigade used for testing new weapons and equipment, 
and an independent regiment in occupied Crimea. Despite efforts to professionalize the force, 
units are still composed of some conscripts. 
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Spetsnaz 


Spetsnaz operate as Russia’s primary military reconnaissance force. They are similar in structure, mission, and 
training to U.S. Army Rangers. The below structure is recreated from publicly available sources. 


Spetsnaz Units Naval Spetsnaz 


2nd Brigade (Promezhitsa, Pskov) e 424 Independent Naval Reconnaissance 
3rd Guards Brigade (Tolyatti) Spetsnaz Point (Vladivostok, Pacific Fleet) 


10th Brigade (Molkino) e 420th Independent Naval Reconnaissance 


Spetsnaz Point (Severomorsk, Northern Fleet) 
14h Brigade (Usurisk) 


16th Brigade (Chuchkogo/Tambov, Moscow) 
2274 Guards Brigade (Aksai/Stepnoi) e 561s Independent Naval Reconnaissance 

24th Brigade (Irkutsk) Spetsnaz Point (Parusnoe, Kaliningrad, Baltic Fleet) 
100th Brigade (Mozdok) 

25th Independent Spetsnaz Regiment (Stavropol) 


e 43 |s Independent Naval Reconnaissance 
Spetsnaz Point (Sevastopol, Black Sea Fleet) 


Sources: Mark Galeotti, “Spetsnaz: Operational Intelligence, Political Warfare, and Battlefield Role,” Marshall 
Center, Security Insights no. 46 (February 2020); Russian Military Capability in a Ten Year Perspective-20 19, eds. Fredrik 
Westerlund and Susanne Oxenstierna (Stockholm: Swedish Defence Research Agency FOI, 2019). 





Supervising Proxy Forces 


The GRU and spetsnaz have gained significant experience creating and managing local allied 
proxy forces. Often these proxy forces are composed of organized criminals, warlords, or former 
rebels. Most often, spetsnaz operators act as overseers and trainers, helping to create new units 
directly subordinated to the GRU. This gives the GRU greater direct control over local proxies, 
which helps limit the influence of competing security agencies and increases leverage over local 
politicians.” 


During Russia’s Second Chechen War (1999-2009), the GRU—along with other agencies, such 
as the FSB—managed several local pro-Russian Chechen units, which proved effective against 
Chechen rebels.’”° The most famous units were Special Battalions Zapad and Vostok, which also 
participated in Russia’s 2008 war against Georgia.” 


During Russia’s invasion of Ukraine in 2014, the GRU relied heavily upon its experience 
managing proxies. During the course of the conflict, media reporting documented the presence of 
the Vostok Battalion, reportedly reconstituted after being demobilized in 2008, and identified 
GRU officer Oleg Ivannikov as allegedly responsible for transporting the anti-aircraft system that 
shot down Malaysian Airlines Flight 17 in 2014.’8 Ukraine also was used as a testing ground for 
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Russian private military companies, including the Wagner Group, which reportedly was closely 
tied to the GRU.” 


Spetsnaz also played a key role in Russia’s intervention in Syria.*° Spetznaz forces conducted 
battlefield reconnaissance and acted as trainers and advisers for the Syrian army and various pro- 
government militia forces, such as the 5“ Assault Corps.*! 


Assassinations and Targeted Attacks 


The GRU’s military capabilities have enabled it to carry out targeted attacks abroad. The GRU is 
implicated in numerous attempted and successful assassinations or targeted attacks (see “Targeted 
Overseas Attacks Linked to GRU Since 2014: Role of Unit 29155,” below). Some of these 
attacks were uncovered due to careless or lackluster spycraft, leading to accusations of 
incompetence on the part of the GRU. Some analysts, however, contend that the intent behind 
some targeted attacks is to send a message rather than to hide complicity.** If so, exposure is not a 
failure if the attack succeeds in conveying Russia’s ability and willingness to carry out targeted 
attacks.** 


One of the GRU’s most notorious and high-profile assassinations occurred in 2004; former 
Chechen separatist president Zelimkhan Yandarbiyev and his 13-year-old son were killed in a car 
bomb attack while living in exile in Qatar.*° Eventually, Qatar convicted two Russian agents of 
his murder, while a third was released due to his status as first secretary of the Russian Embassy, 
with diplomatic immunity. The men reportedly were GRU agents. They were repatriated to 
Russia to serve out their sentence but disappeared upon their return.*” 


Targeted Overseas Attacks Linked to GRU Since 2014: Role of Unit 29155 


According to information compiled from multiple media outlets, Unit 29155 is an elite GRU unit 
that conducts sensitive foreign operations, including assassinations and targeted attacks.** Unit 
29155 is reportedly connected to Russia’s elite Special Operations Forces Command headquarters 
unit, based in Senezh, outside of Moscow.* The reported head of Unit 29155 is Major General 
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Andrey Averyanov.®° Anatoliy Chepiga—a suspected attacker in the 2018 poisoning of Sergei 
Skripal and his daughter in the UK—was photographed at the wedding of Averyanov’s daughter 
in 2017.2! Many operatives of Unit 29155 also appear to have backgrounds in GRU spetsnaz 
brigades—including unit commander Averyanov. Further information supporting the unit’s 
operational nature is its reported headquarters at the 161‘ Special Purpose Specialist Training 
Center, a spetsnaz training facility.” 


In recent years, prosecutors and journalists have linked Unit 29155 to numerous malign activities 
across Europe. Such activities include Russia’s invasion and occupation of Ukraine’s Crimea 
region in 2014; the poisonings of Bulgarian arms dealer Emilian Gebrev in 2015; a coup attempt 
in 2016 to overthrow and replace a pro-Western prime minister in Montenegro, potentially to 
prevent the country from joining NATO; and the poisoning of Russian intelligence defector 
Sergei Skripal in 2018.” 


In addition, Unit 29155 operatives were traced to Switzerland around the time other GRU units 
hacked the World Anti-Doping Agency and planned hacks on the Organization for the Prohibition 
of Chemical Weapons (OPCW), which were investigating state-sponsored doping in sports and 
Russia’s use of chemical weapons, respectively.” Spain also has opened an investigation of travel 
by known Unit 29155 operative Denis Sergeev to Barcelona in 2017 around the time Catalan 
separatists organized an illegal referendum on independence.” 


In 2019, French newspaper Le Monde reported that European intelligence agencies had tracked 
GRU operatives from Unit 29155 who appeared to be using France’s Haute-Savoie region in the 
Alps as a base to conduct operations.” 


In June 2020, media organizations reported that U.S. intelligence officials had concluded GRU 
agents had offered payments to Taliban-linked militants to attack U.S. and other international 
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forces in Afghanistan. Reportedly, U.S. intelligence sources believed GRU Unit 29155 was 
responsible for facilitating these payments.” U.S. intelligence agencies reportedly differed in 
their level of confidence concerning the accuracy of specific “bounty” payments and the direct 
role of the Kremlin in authorizing payments, but the agencies reportedly shared “high 
confidence” in the existence of “strong ties ... between Russian operatives and the Afghan 
network where the bounty claims arose.””* 


In April 2021, Czech authorities blamed Unit 29155 for a series of previously unexplained 
explosions at arms depots in 2014, which killed two people.” In response, Czech authorities 
expelled 18 Russian diplomats; Russia responded by expelling 20 Czech diplomats.'® Ultimately, 
Czech authorities expelled over 70 diplomats to bring the traditionally large Russian diplomatic 
mission to Prague in line with the Czech mission in Moscow.’®! Media reporting alleged the arms 
belonged to Bulgarian arms dealer Emilian Gebrev, who reportedly survived poisoning attempts 
by Unit 29155 in 2015 and was planning to ship the ammunition to Ukraine at the time of the 
explosions.!” Soon after the revelations, Bulgarian prosecutors announced investigations into a 
series of unexplained explosions at several ammunition depots inside Bulgaria.!™ 


In addition to the GRU and Unit 29155, Russia’s other intelligence services reportedly operate 
clandestine teams for sensitive operations abroad. The FSB controls Russia’s elite antiterrorist 
teams, Alpha and Vympel, located within the FSB’s Special Purpose Center.!™ Alpha is Russia’s 
primary counterterrorist force. Vympel is responsible for external operations, including sabotage, 
alleged assassinations, and covert surveillance. Vympel reportedly is linked to the 2019 daytime 
assassination of former Chechen military commander Zelimkhan Khangoshvili in Berlin.'® The 
SVR also reportedly has an elite operational unit known as Zaslon; little public information is 
available about the unit, although its presence was reportedly documented in Syria.!° 





°7 Charlie Savage, Eric Schmitt and Michael Schwirtz, “Russia Secretly Offered Afghan Militants Bounties to Kill U.S. 
Troops, Intelligence Says,” New York Times, June 26, 2020; Charlie Savage et al., “Suspicions of Russian Bounties 
Were Bolstered by Data on Financial Transfers,” New York Times, June 30, 2020. 


°8 Charlie Savage, Eric Schmitt, and Michael Schwirtz, “Russian Spy Team Left Traces That Bolstered CIA’s Bounty 
Judgement,” New York Times, May 7, 2021. 


°° Mike Eckel, Ivan Bedrov, and Olha Komarova, “A Czech Explosion, Russian Agents, A Bulgarian Arms Dealer: The 
Recipe for a Major Spy Scandal in Central Europe,” RFERL, April 18, 2021; Loveday Morris, Ladka Bauerova, and 
Robyn Dixon, “Accusations of Spying and Sabotage Plunge Russian-Czech Relations Into the Deep Freeze,” 
Washington Post, April 19, 2021. 


100 James Shotter, “Czechs Expel 18 Russian Diplomats over 2014 Explosion,” FT, April 18, 2021. 


101 Henry Foy, “Russia Expels Seven More European Diplomats,” FT, April 28, 2021; RFERL, “Dozens of Russian 
Diplomats Leave Czech Republic amid Strained Relations,” May 29, 2021. 


102 Michael Schwirtz, “The Arms Merchant in the Sights of Russia’s Elite Assassination Squad,” New York Times, 
April 24, 2021. 


103 Boryana Dzhambazova and Michael Schwirtz, “Russian Spy Unit Investigated for Links to Bulgarian Explosions,” 


April 28, 2021. 


104 These units are known officially as Directorate-A and Directorate-V. For more, see Boris Volodarsky, “License to 
Kill,” Wall Street Journal, December 20, 2006; Mark Galeotti, Russian Security and Paramilitary Forces Since 1991 
(Oxford: Osprey Publishing, 2013), pp. 35-42. 


105 The Federal Security Service (FSB) also is linked to numerous assassinations of ex-Chechen fighters and Islamists 
in Turkey. BBC News, “Have Russian Hitmen Been Killing with Impunity in Turkey?” December 13, 2016; Bellingcat, 
“V? For ‘Vympel’: FSB’s Secretive Department ‘V’ Behind Assassination of Georgian Asylum Seeker in Germany,” 
February 17, 2020; Bellingcat, “FSB’s Magnificent Seven: New Links Between Berlin and Istanbul Assassinations,” 
June 29, 2020. 


10% Galeotti, “The Three Faces of Russian Spetsnaz in Syria.” 





Congressional Research Service 13 


Russian Military Intelligence: Background and Issues for Congress 





Cyberespionage and Disinformation Activities 


In his 2018 confirmation hearing to head U.S. Cyber Command and the National Security 
Agency, General Paul K. Nakasone said, “as the most technically advanced potential adversary in 
cyberspace, Russia is a full-scope cyber actor, employing sophisticated cyber operations tactics, 
techniques, and procedures against U.S. and foreign military, diplomatic, and commercial targets, 
as well as science and technology sectors.”!”” Most observers believe the GRU is responsible for 
many of these types of operations. "°S 


Since 2008, the GRU has developed significant cyber capabilities, complementing its long- 
standing experience in conducting psychological and information operations.’ The development 
of GRU cyber capabilities coincided with two broader developments in Russian security and 
military thinking: the role of nonviolent tools in conflict and information warfare. Since the early 
2000s, Russian military doctrine has adopted an evolving view of warfare, in which the line 
between peace and conflict is increasingly blurred and the utility of nonviolent tools is 
increasingly important. The Russian military understands cyber operations as an effective and 
relatively cheap tool (in part due to deniability and difficulty in attribution) to undermine, subvert, 
and manipulate an adversary.''° Cyber tools have become an increasingly crucial component in 
Russia’s efforts to accomplish a range of tasks in the larger informational struggle between 
adversaries. '!! 


Attempted Hacking of the Organization for the Prohibition of Chemical Weapons 


On March 4, 2018, former GRU officer Sergei Skripal and his daughter were exposed to a highly toxic and 
potentially lethal chemical weapon agent in Salisbury, United Kingdom (UK). Russia and the GRU were quickly 
blamed for the attack, despite repeated denials from Russian authorities. GRU agents eventually were identified in 
Salisbury and charged for the attack. UK authorities also identified the chemical weapon as a Novichok, a class of 
nerve agent developed in the Soviet Union. 


To help confirm these findings, samples were sent to the Organization for the Prohibition of Chemical Weapons 
(OPCW) in The Hague, Netherlands. The OPCW also was investigating claims of an alleged gas attack in Syria by 
the Bashar al Asad regime against the town of Douma. 


On April 10, 2018, four GRU agents traveling on diplomatic passports entered the Netherlands. Between April | | 
and April 12, the agents conducted reconnaissance of the area around OPCW headquarters and booked rooms at 
a hotel directly next to the OPCW. Working with UK intelligence, Dutch security services arrested the four men 
on April 13. Discovered in a GRU agent’s car was high-tech equipment, which could be used to hack into OPCW 
Wi-Fi networks, a so-called “close access hack.” The equipment was confiscated and the agents were expelled 
from the country. 

The Netherlands and the UK held a joint press conference on October 4, 2018, detailing the GRU operation and 
identifying the agents. At the same time, Australia, New Zealand, Canada, and NATO released statements 
supporting the identification of malicious cyber activity from Russia and condemned Russian actions. On the same 
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day, the U.S. Department of Justice released indictments against seven GRU officers for the attempted OPCW 
hack, as well as for hacking the World Anti-Doping Agency (and other anti-doping agencies) in 2016; the agencies 
were investigating Russia’s use of performance-enhancing drugs during the 2014 Sochi Winter Olympics. In 
response to the Skripal attack and the attempted OPCW hack, more than 26 countries expelled more than 150 
Russian diplomats. The UK expelled 23 diplomats; the United States expelled 60 officials and closed the Russian 
consulate in Seattle and two recreational facilities allegedly used for intelligence collection in Maryland and Long 
Island. 
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At the same time, Russian security and military doctrines view information and disinformation 
operations as a crucial foreign policy tool.!!? Russian authorities, and their Soviet predecessors, 
have long recognized the importance of psychological operations, but their views have evolved in 
recognition of the changing information landscape since the 1990s.''? The ease of access to 
information presents both dangers and opportunities to Russia’s leaders.''4 


On the one hand, Russia’s leadership is concerned with the destabilizing effects of the free flow 
of information, such as instigating popular protests and stoking societal discontent. These effects 
are more dangerous due to the Russian belief that Western governments have manipulated 
information to overthrow unfriendly regimes.!! During 2020 protests in Belarus against President 
Alexander Lukashenko, Russian SVR chief Sergei Naryshkin accused the West of conducting a 
“poorly disguised attempt to organize another ‘color revolution’ and an anti-constitutional 
coup.”!!6 Russia sees itself as the target of such information operations, and Russia’s security and 
military doctrines describe the dangers posed by foreign manipulation of domestic audiences.!"’ 
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On the other hand, the use and manipulation of information provides opportunities for Russia. 
Many analysts note that due to a perception by Russian policymakers that the West targets Russia 
with information operations, Russian intelligence and security services in response seek to 
actively disrupt and undermine the domestic politics of adversaries, while at the same time 
disrupting and obfuscating any accusations of Russian culpability.!!8 The Russian government 
seeks to manipulate domestic audiences and undermine faith in democratic systems of 
government. Often, instead of seeking a particular outcome, the goal for Russian information 
operations is to cause chaos and weaken the domestic legitimacy of an adversary’s 
government.'!? 


Additionally, Russia has offensively used cyber operations to further Russian foreign policy 
objectives and inflict punishment on adversaries. These efforts have included offensive attacks 
against foreign electrical networks, banking sectors, government institutions, and even sporting 
events.'”° These attacks may be in service to a range of Russian foreign policy objectives. In an 
October 2020 indictment against GRU Unit 74455, U.S. Assistant Attorney General for National 
Security John C. Demers stated, “No country has weaponized its cyber capabilities as maliciously 
or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical 
advantages and to satisfy fits of spite.”!?! 


Media reporting and federal indictments indicate that to develop its cyber capabilities, the FSB 
has relied on co-opting, coercing, and recruiting talented individuals from Russia’s cyber- 
criminal community, often under threat of criminal prosecution.'” In contrast, the GRU 
apparently has sought to cultivate talent internally and developed multiple recruiting pathways. '” 
Due to its history in conducting signals intelligence and disinformation operations, the GRU was 
able to develop its capabilities into cyber operations. 
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GRU Cyber Operations and October 2020 U.S. Indictment 


The GRU has conducted numerous aggressive, malicious, and wide-ranging cyber operations against multiple 
targets. In 2015, GRU officers reportedly hacked the Bundestag, Germany’s national parliament. Germany issued 
an arrest warrant for GRU officer Dmitry Badin, who is an accused member of Unit 26165 and indicted by the 
United States for his role in 2016 election interference. In October 2020, the European Union and the United 
Kingdom sanctioned Badin and GRU head Igor Kostyukov over the hack. 


Also in October 2020, the U.S. Department of Justice indicted six GRU officers for a range of cyberattacks. In the 
indictment, Unit 74455, identified as Sandworm, allegedly is responsible for multiple cyberattacks, including the 
following: 


2015 attacks on Ukraine’s electrical infrastructure, Ministry of Finance, and State Treasury Service 


a 2017 hack-and-leak effort targeting French President Emmanuel Macron’s emails and interference in 
France’s presidential election 


a 2017 malware attack, commonly known as NotPetya, which infected computers globally and caused an 
estimated $10 billion in damage 


a 2018 hacking attack against the PyeongChang Winter Olympics in South Korea, in which GRU hackers 
attempting to disguise themselves as North Korean hackers used malware to disrupt the opening 
ceremony 


a 2018 hacking campaign against UK, European, and Organization for the Prohibition of Chemical 
Weapons investigations into the nerve agent attack against Sergei Skripal and his daughter 


e a2018-2019 cyber campaign against Georgian media companies and the Georgian parliament. 


Sources: Andy Greenberg, “The US Blames Russia’s GRU for Sweeping Cyberattacks in Georgia,” Wired, 
February 20, 2020; Kate Connolly, “Russian Hacking Attack on Bundestag Damaged Trust, Says Merkel,” Guardian, 
May 13, 2020; Catherine Stupp, “Germany Seeks EU Sanctions for 2015 Cyberattack on Its Parliament,” Wall 
Street Journal, June | 1, 2020; U.S. v. Yuriy Sergeyevich Andrienko et al., 20316 (United States District Court of 
Western Pennsylvania 2020); U.S. Department of Justice, “Six Russian GRU Officers Charged in Connection with 
Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace,” press release, 
October 19, 2020; Robin Emmott, “EU Imposes Sanctions on Russian Military Intelligence Chief,” Reuters, 
October 22, 2020. 





Unit 26165 


Unit 26165 was established as the 85" Main Special Service Center during the Cold War, 
responsible for military intelligence’s cryptography.'™* Often referred to as APT 28 or Fancy 
Bear, Unit 26165 is one of two units identified by the U.S. government responsible for hacking 
the Democratic Congressional Campaign Committee (DCCC), the Democratic National 
Committee (DNC), and the presidential campaign of Hillary Clinton (see “2016 Election 
Interference,” below).!”° 
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Unit 74455 


Unit 74455 appears to be a newer unit created to help support and expand the GRU’s cyber 
capabilities." Unit 74455 also is known as the Main Center for Special Technologies and is 
commonly referred to by media reports and the U.S. government as Sandworm. This cyber unit is 
linked to some of Russia’s most brazen cyber operations, such as the 2017 NotPetya attack in 
Ukraine.!?” On October 19, 2020, the U.S. Department of Justice unsealed indictments against six 
members of Unit 74455 for attacks on various international targets (see “GRU Cyber Operations 
and October 2020 Indictment,” above). 


Unit 54777 


This unit, also known as the 72" Special Service Center, is reportedly responsible for the GRU’s 
psychological operations.'”8 This includes operating in support of other GRU cyber units and 
operating on the tactical level by conducting electronic warfare and psychological operations. 
Media reports have linked Unit 54777 to online disinformation campaigns, specifically regarding 
the COVID-19 pandemic.!” 


2016 Election Interference 


According to U.S. Special Counsel Robert Mueller, the intelligence community (the IC, 
comprising the Central Intelligence Agency, National Security Agency, Federal Bureau of 
Investigation Intelligence Branch, and fourteen other statutory elements), and subsequent 
investigations by the House and Senate Intelligence Committees, Russia conducted an extensive 
effort to interfere in the 2016 U.S. presidential election.'*° Then-Director of National Intelligence 
Dan Coats stated, “Russia conducted an unprecedented influence campaign to interfere in the 
U.S. electoral and political process.”!?! Congressional leadership subsequently affirmed the IC’s 
assessment. !?? 


According to Mueller and investigations by the Senate Select Committee on Intelligence (SSCT), 
as well as numerous media reports, Units 26165 and 74455 were directly responsible for Russia’s 
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“hack-and-leak” operation.'*? Unit 26165 conducted an extensive effort to hack the emails and 
systems of the “DCCC and DNC, as well as email accounts of individuals affiliated with the 
[Hillary] Clinton Campaign.”'™ These investigations document Unit 74455 as responsible for 
releasing tens of thousands of the stolen documents through various fictitious online personas and 
in coordination with WikiLeaks.!*> 


According to the Special Counsel, SSCI, and the IC, beginning in March 2016, the GRU 
conducted an extensive spearphishing and malware campaign to hack the networks and email 
accounts of the DNC, DCCC, and Clinton campaign, including the email account of campaign 
chairperson John Podesta.'*° The GRU stole tens of thousands of documents and emails from 
these accounts until at least September 2016.17 Using numerous social media aliases, including 
“DCLeaks” and “Guccifer 2.0,” Unit 74455 coordinated the release of stolen documents to 
interfere in the 2016 election.'** According to SSCI, the GRU used these aliases to communicate 
with WikiLeaks to transmit stolen documents, which WikiLeaks then released for “maximum 
political impact” starting on the eve of the 2016 Democratic National Convention. !?° 


Recent Cyber Activities 


The GRU appears to be continuing and adapting its cyber operations abroad, despite numerous 
indictments and the exposure of multiple operations. In September 2020, Federal Bureau of 
Investigation (FBI) Director Christopher Wray stated that Russia had “very active efforts” to 
interfere in the 2020 elections.'*° In March 2021, the Director of National Intelligence released 
the IC’s assessment of foreign interference in the 2020 election. The assessment stated that 
Russia conducted influence and disinformation operations but that, “Unlike in 2016, we did not 
see persistent Russian cyber efforts to gain access to election infrastructure.”'*' The U.S. 
government and media reporting implicates the GRU as central to these Russian efforts to hack 
into political campaigns and U.S. government agencies. !*” Further reporting and private sector 
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cybersecurity firms alleged the GRU hacked into the computer networks of the Ukrainian natural 
gas company Burisma, where President Joe Biden’s son, Hunter Biden, previously was a board 
member.'*? Both France and Germany have publicly accused GRU cyber units of conducting 
extensive and intense cyber espionage campaigns against government targets and in the run-up to 
elections." Additionally, a cybersecurity firm has tied the GRU to attempted breaches of U.S. 
critical infrastructure. '** In July 2021, a joint advisory of the National Security Agency, 
Cybersecurity and Infrastructure Security Agency, FBI, and the UK’s National Cyber Security 
Centre (NSA-CISA-NCSC-FBI) also identified Unit 26165 as conducting a “widespread, 
distributed, and anonymized brute force access attempts against hundreds of government and 
private sector targets worldwide.”'“° The agencies described the operation beginning in mid-2019 
and likely ongoing as of July 2021.1 


U.S. Policy Responses and Issues for Congress! 


The United States has been proactive in countering GRU operations and malign activities. The 
U.S. government has demonstrated a willingness to “name and shame” the GRU and its 
operations. Detailing substantial information regarding GRU personnel and operations potentially 
may dissuade or deter further actions due to the high risk of public exposure.'? 


After the 2016 presidential election, the U.S. Department of Justice pursued three indictments 
against a total of 21 GRU officers for malicious cyber activity, including interference in the 2016 
U.S. presidential election, disinformation and information campaigns, and offensive cyber 
operations leading to billions of dollars in losses.'°° The indictments, issued in 2018, detail the 
officers themselves; identify their units; and closely describe the operations, activities, and 
methods used by the GRU. 


The U.S. government also has imposed sanctions on the GRU and 21 GRU officers for the same 
and additional malign activities abroad.'°' Sanctions designations were made pursuant to 
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° The sharing of biometric information among allies also could potentially degrade operatives’ freedom and ability to 
travel and conduct operations. 
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Executive Order (EO) 13694, as amended, and Section 224 of the Countering Russian Influence 
in Europe and Eurasia Act of 2017 (CRIEEA; P.L. 115-44, Countering America’s Adversaries 
Through Sanctions Act [CAATSA], Title 11).!5? 


U.S. sanctions designations against the GRU and its officers include the following: 


e In December 2016, the Obama Administration designated the GRU and four 
GRU officers (as well as the FSB) for activities related to election interference, 
pursuant to EO 13694, as amended.!°? 


e In March 2018, the Trump Administration designated the GRU, the four GRU 
officers first designated in 2016, and two more GRU officers (as well as the FSB) 
for “destructive cyberattacks,” including the 2017 NotPetya malware attack, 
pursuant to Section 224 of CRIEEA. !* 


e In December 2018, the Trump Administration designated nine GRU officers for 
activities related to election interference; four GRU officers for cyber-enabled 
operations against the World Anti-Doping Agency and the OPCW; and two GRU 
officers for the nerve agent attack on Sergei Skripal and his daughter, pursuant to 
Section 224 of CRIEEA.’* 


Congress, the Administration, and analysts continue to debate the effectiveness of indictments 
and sanctions.'°° Media reporting suggests that in addition to “name and shame” strategies of 
indictments and sanctions, the U.S. government has authorized more aggressive and offensive use 
of cyber capabilities to thwart and deter Russian operations. Media reports allege that, over the 
past few years, the United States has conducted operations to disrupt internet access from an 
alleged Russian “troll farm” and conducted incursions and surveillance of Russia’s electric power 
grid.'°’ Although not specifically directed at the GRU, these actions may be intended to signal 
capabilities and potential costs, should Russia continue to conduct brazen cyber operations. 


The U.S. government also appears to be increasing its communication and coordination with 
private-sector actors to counter Russian and GRU cyber activity. In the October 2020 indictment 
(see “GRU Cyber Operations and October 2020 U.S. Indictment,” above), U.S. Department of 
Justice officials thanked “Google, including its Threat Analysis Group (TAG); Cisco, including its 
Talos Intelligence Group; Facebook; and Twitter, for the assistance they provided in this 
investigation.”!>* Additionally, media reporting suggests U.S. Cyber Command has closely 
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coordinated with private companies in operations against Russian disinformation and cyber 
operations.’ 


Outlook 


Congress and other interested stakeholders continue to debate the effectiveness of sanctions, 
indictments, and other “name and shame” strategies to counter malign Russian military 
intelligence activities. Due to its position, roles, and capabilities, the GRU prides itself on 
conducting aggressive and high-risk operations. Therefore, some observers argue, specific actions 
directed solely against the GRU may not have the desired level of impact. As a result, some 
observers argue that the exposure of the GRU and its operations is not necessarily a deterrent, as 
long as Russia’s political leadership finds it useful to have such an agency capable and willing to 
conduct such operations. 


Nonetheless, the exposure of GRU operations has led to some media reports of infighting among 
Russian security agencies seeking to take advantage of GRU exposure, thereby undermining 
Russian capabilities. After the 2018 attempted assassination of Sergei Skripal in the UK, the 
United States and several allies enacted sanctions and expelled Russian diplomats and suspected 
intelligence officers. Some reports suggest these measures not only created tensions within the 
Russian government, which blamed the GRU for its situation, but also may have limited Russian 
intelligence operations by expelling potential intelligence officers. Some observers argue that a 
full range of responses targeting other actors and sectors beyond the GRU may produce, or at 
least encourage, more desired Russian behavior; at the same time, it is unclear to what extent such 
responses would have any bearing on the GRU’s future actions. In addition to the wide range of 
options available, coordinating responses with allies could increase the costs to Russia and the 
effectiveness of policy options, while isolating Russia and the GRU in response to their 
aggressive actions. 
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